On the Definition of Non-deterministic Mechanisms

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the [Original Paper Viewer] below or the Original ArXiv Source.

We present here three different approaches to the problem of modeling mathematically the concept of a non-deterministic mechanism. Each of these three approaches leads to a mathematical definition. We then show that all three mathematical concepts are equivalent to one another. This insight gives us the option of approaching the wp-formalism of Dijkstra from a different viewpoint that is easier to understand and to teach.


💡 Research Summary

The paper investigates three mathematically distinct but equivalent ways to model nondeterministic mechanisms, a foundational concept for reasoning about nondeterministic programs. The authors first introduce a “choice‑set map” Δ: X → ℘(X), where X is a non‑empty state space and Δ(x) denotes the set of possible next states when the mechanism is invoked from state x. They distinguish dynamic elements (those with non‑empty Δ(x)), written dyn(Δ), from static ones, and define two inverse‑image operators: the strong inverse Δ⁻¹(A) = { x | Δ(x) ⊆ A }, the states from which every possible next state lies in A, and the weak inverse Δ⁻¹_w(A) = { x | Δ(x) ∩ A ≠ ∅ }, the states from which at least one possible next state lies in A. One consequence to keep in mind: a static element x satisfies Δ(x) ⊆ A for every A, including A = ∅, so the strong inverse can only satisfy the axiom μ(∅) = ∅ of the multiplicative maps below if static elements are kept out of it (for instance by requiring Δ(x) ≠ ∅ in its definition); this is the set‑theoretic form of Dijkstra’s law of the excluded miracle.

The second approach follows Dijkstra’s wp‑style reasoning and defines a “multiplicative map” μ: ℘(X) → ℘(X) that satisfies μ(∅)=∅ and preserves arbitrary intersections: μ(⋂_j A_j)=⋂_j μ(A_j). From these axioms monotonicity (A⊆B ⇒ μ(A)⊆μ(B)) follows, as does a one‑sided inclusion for unions (⋃_j μ(A_j) ⊆ μ(⋃_j A_j)).

The third approach defines an “additive map” α: ℘(X) → ℘(X) with α(∅)=∅ and preservation of arbitrary unions: α(⋃_j A_j)=⋃_j α(A_j). Again monotonicity follows, while only a one‑sided inclusion holds for intersections (α(⋂_j A_j) ⊆ ⋂_j α(A_j)).

The central technical contribution is the proof of a bijective correspondence among these three structures:

  • For any choice‑set map Δ, the strong inverse Δ⁻¹ is a multiplicative map μ and the weak inverse Δ⁻¹_w is an additive map α; each of them determines Δ uniquely.
  • Conversely, given a multiplicative map μ, one can reconstruct Δ by setting Δ(x)=⋂{ A ⊆ X | x ∈ μ(A) }; this Δ satisfies Δ⁻¹ = μ. Similarly, given an additive map α, define Δ(x)={ y | x ∈ α({y}) } to obtain Δ with Δ⁻¹_w = α.
  • The three correspondences commute (the Δ recovered from μ and the Δ recovered from α coincide), yielding a three‑way equivalence between choice‑set maps, multiplicative maps, and additive maps.
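To make the three‑way correspondence concrete, here is an added Python example; it is not code from the paper, and the four‑state mechanism, the name DELTA and the helper functions are this example’s own constructions. It computes the strong and weak inverses of a constructed choice‑set map, checks the multiplicative and additive axioms on all pairs of subsets (X is finite, so binary intersections and unions together with the empty cases cover the arbitrary ones), and rebuilds Δ from μ and from α with the two reconstruction formulas above. Every Δ(x) in the main example is non‑empty; a second mechanism with a static state shows why that matters for μ(∅) = ∅.

```python
from itertools import combinations

# Constructed example mechanism on X = {0, 1, 2, 3}; Δ(x) is the set of
# possible next states from x. Every Δ(x) is non-empty here (all states are
# dynamic), an assumption of this example that the round trip relies on.
X = frozenset({0, 1, 2, 3})
DELTA = {
    0: frozenset({1, 2}),   # nondeterministic choice between 1 and 2
    1: frozenset({3}),      # deterministic step
    2: frozenset({3}),
    3: frozenset({3}),      # fixed point
}

def subsets(s):
    """All 2^|s| subsets of s, as frozensets."""
    items = tuple(s)
    return [frozenset(c) for r in range(len(items) + 1) for c in combinations(items, r)]

def strong_inverse(delta, A):
    """Δ⁻¹(A) = { x | Δ(x) ⊆ A }: every possible next state lies in A (wp-style)."""
    return frozenset(x for x, nxt in delta.items() if nxt <= A)

def weak_inverse(delta, A):
    """Δ⁻¹_w(A) = { x | Δ(x) ∩ A ≠ ∅ }: at least one possible next state lies in A."""
    return frozenset(x for x, nxt in delta.items() if nxt & A)

def is_multiplicative(mu, X):
    """μ(∅) = ∅ and μ preserves intersections; over a finite X, checking all pairs
    plus the empty family (μ(X) = X) covers arbitrary intersections."""
    subs = subsets(X)
    if mu(frozenset()) or mu(X) != X:
        return False
    return all(mu(A & B) == mu(A) & mu(B) for A in subs for B in subs)

def is_additive(alpha, X):
    """α(∅) = ∅ and α preserves unions (pairs suffice over a finite X)."""
    subs = subsets(X)
    if alpha(frozenset()):
        return False
    return all(alpha(A | B) == alpha(A) | alpha(B) for A in subs for B in subs)

def delta_from_multiplicative(mu, X):
    """Reconstruction Δ(x) = ⋂{ A ⊆ X | x ∈ μ(A) }."""
    out = {}
    for x in X:
        acc = X
        for A in subsets(X):
            if x in mu(A):
                acc &= A
        out[x] = acc
    return out

def delta_from_additive(alpha, X):
    """Reconstruction Δ(x) = { y | x ∈ α({y}) }."""
    return {x: frozenset(y for y in X if x in alpha(frozenset({y}))) for x in X}

def roundtrip_ok(delta, X):
    """Δ ↦ (μ, α) ↦ Δ gives back the same choice-set map by both routes."""
    mu = lambda A: strong_inverse(delta, A)
    alpha = lambda A: weak_inverse(delta, A)
    return (is_multiplicative(mu, X) and is_additive(alpha, X)
            and delta_from_multiplicative(mu, X) == delta
            and delta_from_additive(alpha, X) == delta)

# A static state (Δ(4) = ∅) lies in Δ⁻¹(A) for every A, so μ(∅) is no longer
# empty: the strong inverse of this mechanism is not a multiplicative map in
# the above sense unless static states are excluded from it.
DELTA_WITH_STATIC = {**DELTA, 4: frozenset()}
X_WITH_STATIC = X | {4}

def excluded_miracle_violation(delta):
    """Return μ(∅) for the strong inverse; non-empty means the axiom μ(∅) = ∅ fails."""
    return strong_inverse(delta, frozenset())
```

Running roundtrip_ok(DELTA, X) exercises all three correspondences on the constructed mechanism; excluded_miracle_violation(DELTA_WITH_STATIC) returns {4}, the static state, which is exactly the element that the strong inverse must leave out for μ(∅) = ∅ to hold.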

The paper then studies continuity of these operators in the powerset lattice. A map σ: ℘(X) → ℘(X) is continuous if it preserves limits of all convergent sequences of sets (in particular the union of an increasing chain and the intersection of a decreasing chain). The authors prove that μ (and therefore α) is continuous iff every Δ(x) is finite. Thus finiteness of the nondeterministic choices, Dijkstra’s bounded nondeterminism, is exactly the condition that makes the associated inverse‑image operators continuous in the set‑theoretic sense.
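A concrete instance of the finiteness condition, added here as an illustration rather than taken from the paper (the state space, the state s and the chains are constructed): take X = ℕ, a state s with Δ(s) = ℕ, and the increasing chain A_n = {0, 1, …, n}.

  ⋃_n A_n = ℕ, and Δ(s) ⊆ ℕ, so s ∈ μ(⋃_n A_n);
  Δ(s) ⊄ A_n for every n, so s ∉ μ(A_n) for every n, hence s ∉ ⋃_n μ(A_n).

Therefore μ(⋃_n A_n) ≠ ⋃_n μ(A_n): the limit of the chain is not preserved, and only the one‑sided inclusion ⋃_n μ(A_n) ⊆ μ(⋃_n A_n) survives. The same Δ(s) breaks α on the decreasing chain B_n = {n, n+1, …}:

  Δ(s) ∩ B_n ≠ ∅ for every n, so s ∈ ⋂_n α(B_n);
  ⋂_n B_n = ∅, so α(⋂_n B_n) = α(∅) = ∅.

If instead Δ(s) is finite, Δ(s) ⊆ ⋃_n A_n for an increasing chain forces Δ(s) ⊆ A_n for some n (take the largest index needed by any element of the finite set), and Δ(s) ∩ B_n ≠ ∅ for every n of a decreasing chain forces some single element of Δ(s) to lie in every B_n, hence in ⋂_n B_n. Both limits are then preserved, which is the direction of the theorem that finiteness of the choices is sufficient.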

Next, the authors introduce several notions of convergence for a choice‑set map Δ. Here Δⁿ(x) denotes the n‑fold iterate, Δ⁰(x) = {x} and Δⁿ⁺¹(x) = ⋃_{y ∈ Δⁿ(x)} Δ(y), i.e. the set of states reachable from x in exactly n steps:

  • fix(Δ) = { x | Δ(x) = {x} } – fixed points.
  • stab(Δ) = { x | Δⁿ(x) ⊆ dyn(Δ) for all n ≥ 0 } – stable points: no iteration from x ever reaches a static element.
  • con(Δ) = { x | x ∈ stab(Δ) and ∃k ≥ 0 : Δᵏ(x) ⊆ fix(Δ) } – convergent points: every choice sequence from x ends in a fixed point.
  • con_w(Δ) = { x | ∃k ≥ 0 : Δᵏ(x) ∩ fix(Δ) ≠ ∅ } – weakly convergent points: some choice sequence from x ends in a fixed point.

They establish inclusion relationships (fix ⊆ con ⊆ con_w ∩ stab) and give elementary lemmas about how Δ‑iterations interact with these sets. A more practical characterization of convergence is also provided using the binary relation “x → y” whenever y ∈ Δ(x) and the notion of finite runs.
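The four convergence sets and the inclusions between them, computed on a constructed mechanism as an added Python example (not the paper’s code; the eight‑state mechanism MECH and the function names are this example’s own). Because X is finite, the sequence Δ⁰(x), Δ¹(x), … of subsets is eventually periodic, so enumerating it up to the first repeated set covers every iterate, which is how the “for all n” and “there exists k” conditions are decided. The mechanism is chosen so that each inclusion is strict: state 7 is stable and weakly convergent but not convergent, because one of its choices enters the loop 4 ↔ 5, and state 2 is weakly convergent but not stable, because one of its choices aborts in the static state 6.

```python
# Added example (not from the paper): the convergence sets fix, stab, con and
# con_w computed on a constructed eight-state mechanism.
MECH = {
    0: frozenset({1, 3}),   # both choices eventually reach the fixed point 3
    1: frozenset({3}),
    2: frozenset({3, 6}),   # may reach 3, or abort in the static state 6
    3: frozenset({3}),      # fixed point
    4: frozenset({5}),      # 4 <-> 5: stable but never converges
    5: frozenset({4}),
    6: frozenset(),         # static element (no next state)
    7: frozenset({3, 4}),   # may reach 3, but may also enter the loop
}
X = frozenset(MECH)

def step(delta, S):
    """Δ applied to a set of states: Δ(S) = ⋃_{y∈S} Δ(y)."""
    out = set()
    for y in S:
        out |= delta[y]
    return frozenset(out)

def orbit(delta, x):
    """The distinct sets Δ⁰(x), Δ¹(x), ... up to the first repetition.
    Over a finite X the sequence is eventually periodic, so this list
    contains every iterate Δⁿ(x)."""
    seen, cur = [], frozenset({x})
    while cur not in seen:
        seen.append(cur)
        cur = step(delta, cur)
    return seen

def dyn_set(delta):
    """dyn(Δ): states with a non-empty choice set."""
    return frozenset(x for x, nxt in delta.items() if nxt)

def fix_set(delta):
    """fix(Δ) = { x | Δ(x) = {x} }."""
    return frozenset(x for x, nxt in delta.items() if nxt == frozenset({x}))

def stab_set(delta):
    """stab(Δ): every iterate Δⁿ(x) stays inside dyn(Δ)."""
    dyn = dyn_set(delta)
    return frozenset(x for x in delta if all(S <= dyn for S in orbit(delta, x)))

def con_set(delta):
    """con(Δ): stable, and some iterate Δᵏ(x) lies entirely in fix(Δ)."""
    fix, stab = fix_set(delta), stab_set(delta)
    return frozenset(x for x in stab if any(S <= fix for S in orbit(delta, x)))

def con_w_set(delta):
    """con_w(Δ): some iterate Δᵏ(x) meets fix(Δ)."""
    fix = fix_set(delta)
    return frozenset(x for x in delta if any(S & fix for S in orbit(delta, x)))

def inclusions_hold(delta):
    """fix ⊆ con ⊆ con_w ∩ stab, the inclusion chain established in the paper."""
    fix, con = fix_set(delta), con_set(delta)
    return fix <= con and con <= (con_w_set(delta) & stab_set(delta))
```

On MECH this gives fix = {3}, con = {0, 1, 3}, stab = {0, 1, 3, 4, 5, 7} and con_w = {0, 1, 2, 3, 7}; the difference (con_w ∩ stab) \ con is exactly {7}, the state that can always avoid the fixed point without ever reaching a static element.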

Finally, the authors connect their framework back to Dijkstra’s weakest‑precondition (wp) formalism. In the traditional wp approach, one works with a backward predicate transformer μ that maps a post‑condition (a set of states) to the set of start states from which every possible outcome satisfies it. The paper shows that μ is precisely the multiplicative map derived from a choice‑set map, while the additive map α corresponds to a weaker predicate transformer that asks only that at least one possible outcome satisfy the post‑condition. By recasting wp in terms of forward “choice‑set” semantics, the authors argue that the theory becomes more intuitive for teaching and for extending wp to modern programming paradigms such as parallelism and concurrency.

In summary, the paper provides a rigorous set‑theoretic foundation for nondeterministic mechanisms, demonstrates the equivalence of three natural mathematical models, links continuity to finiteness of choices, formalizes several convergence concepts, and offers a fresh perspective on Dijkstra’s wp‑calculus that may simplify both pedagogy and further research in program verification.
